Server only reachable over VPN
This is normal. Port forwarding only works for connections from the outside in. Port forwarding will not allow servers on a LAN to connect to machines on that same LAN using the router's public IP address. That requires a form of dual NAT (NAT both before routing and after routing) called hairpinning.
Some routers do hairpinning when you configure port forwarding, which confuses some people into thinking port forwarding does this. But it does not.
I explained it in more detail here.
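The packet flow described in this answer, as an added example that is not part of the original post: a small Python trace of a port-forwarding router handling an outside client and a LAN client, with and without hairpinning. All addresses and the `connect` function are constructed for illustration and model a single forwarded connection, not any particular router.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (private and documentation ranges), not from the post.
LAN = ip_network("192.168.1.0/24")
ROUTER_LAN, PUBLIC_IP = "192.168.1.1", "203.0.113.5"
SERVER = "192.168.1.20"
LAN_CLIENT, OUTSIDE_CLIENT = "192.168.1.10", "198.51.100.7"


def connect(client: str, hairpin: bool):
    """Trace one connection to PUBLIC_IP; return (client_accepts_reply, reply_src)."""
    src, dst = client, PUBLIC_IP
    original = (src, dst)

    # Router, before routing: the port-forward rule rewrites the destination.
    dst = SERVER
    # Router, after routing: hairpinning also rewrites the source when the
    # packet arrived from the LAN and is being sent back onto the LAN.
    if hairpin and ip_address(src) in LAN:
        src = ROUTER_LAN
    conntrack = {(src, dst): original}  # NAT state kept by the router

    # The server answers whatever source address it saw.
    r_src, r_dst = dst, src
    # The reply passes through the router only if it is addressed to the router
    # or to a host outside the server's own subnet (default gateway).
    via_router = r_dst == ROUTER_LAN or ip_address(r_dst) not in LAN
    if via_router:
        o_src, o_dst = conntrack[(r_dst, r_src)]
        r_src, r_dst = o_dst, o_src  # router reverses the translations
    # Otherwise the server delivers the reply directly over the LAN and the
    # router never gets the chance to restore the public address.

    # The client accepts a reply only from the address it connected to.
    return (r_src == PUBLIC_IP and r_dst == client), r_src


if __name__ == "__main__":
    for name, client, hairpin in [
        ("outside client, port forward only", OUTSIDE_CLIENT, False),
        ("LAN client, port forward only", LAN_CLIENT, False),
        ("LAN client, hairpinning", LAN_CLIENT, True),
    ]:
        ok, reply_src = connect(client, hairpin)
        print(f"{name}: accepted={ok}, reply arrives from {reply_src}")
```

In the failing case the client receives a reply from the server's LAN address for a connection it opened to the public address, so it discards the reply and the connection never completes.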